CVE-2007-5280

Appfuse - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.

References (5)

[Third Party Advisory, VDB Entry] http://osvdb.org/37423

[Patch, Vendor Advisory] http://secunia.com/advisories/27041

[Various Sources] http://appfuse.org/display/APF/Release+Notes+2.0

[Various Sources] http://issues.appfuse.org/browse/APF-880

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25927

Scores

EPSS 0.0035

EPSS Percentile 57.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

appfuse/appfuse

Timeline

Published Oct 09, 2007

Tracked Since Feb 18, 2026